
Re: network newbie seeks assistance debugging iptables for VPN tunnel



Back to this task after long detours! Well, almost:

Matt Ventura Fri, 23 Jan 2015 12:47:21 -0800 [1]
>> The F5 VPN is throwing its default route over the original one, and that's
>> causing traffic to the OpenVPN server to try to route over the F5 VPN.
>> Obviously this doesn't work because the traffic to the F5 VPN needs to
>> go through the OpenVPN link, so it becomes circular.

>> What you need to do is add a route, something like:
>> route add <external IP of OpenVPN server> gw 192.168.1.1 dev eth0
>> so that the traffic to the OpenVPN server can be routed properly.

Sven Hartge Fri, 23 Jan 2015 21:53:35 +0100 [2] (tweaked)
> That would complete the VPN Trinity:
> * one route   0/1
> * one route 128/1
> * one host route to the other VPN endpoint (making it reachable regardless of other routes)

I will give that a shot ... after I take care of a bit more "real life" :-(
Meanwhile, I have uploaded a new'n'improved client_networking_investigation.txt[3]
(improved notably by my increasing facility with `ip` syntax). However it presently lacks

- your routing advice above
- scripting of connectivity checks (e.g., `ping`, `nslookup`)

which I will add (feel free to suggest others). I'm especially interested in the 'zombie routes' (i.e., I del a route, it disappears from `ip route show`, then reappears later) and other network-restoration oddities I'm observing (see states 5-8[3]), so I'd be especially interested in knowing how to prevent that. (I suspect it's due to my crude manner of starting/stopping OpenVPN on the client, but ICBW.)

Your assistance is appreciated! Tom Roche <Tom_Roche@pobox.com>

[1]: https://lists.debian.org/debian-user/2015/01/msg00830.html
[2]: https://lists.debian.org/debian-user/2015/01/msg00831.html
[3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt
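
Added example, not part of the original message: a small longest-prefix-match model of the routing table described in the quoted replies, showing why traffic to the VPN endpoint loops into the tunnel once the tunnel overrides the default route, and why the /32 host route fixes it. The address 203.0.113.10 (standing in for the OpenVPN server's external IP), the device name `vpn0` and the tunnel gateway 10.8.0.1 are assumptions; 192.168.1.1 and eth0 are taken from the thread.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread):
#   203.0.113.10 = placeholder for <external IP of OpenVPN server>
#   vpn0 / 10.8.0.1 = hypothetical tunnel device and tunnel-side gateway
VPN_ENDPOINT = "203.0.113.10"

# (prefix, gateway, device); 192.168.1.1 dev eth0 is the gateway quoted in the thread.
BASE = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),   # original default route
    ("192.168.1.0/24", None, "eth0"),       # directly connected LAN
]
# The two half-default routes (0/1 and 128/1) that override the default
# without deleting it, because they are more specific than /0.
OVERRIDE = [
    ("0.0.0.0/1", "10.8.0.1", "vpn0"),
    ("128.0.0.0/1", "10.8.0.1", "vpn0"),
]
# Third leg of the "trinity": host route to the other VPN endpoint.
HOST_ROUTE = [(VPN_ENDPOINT + "/32", "192.168.1.1", "eth0")]


def lookup(routes, dst):
    """Return the route chosen for dst by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def egress_dev(routes, dst):
    """Device a packet to dst would leave on, or None if unroutable."""
    route = lookup(routes, dst)
    return route[2] if route else None


def is_circular(routes, endpoint, tunnel_dev):
    """True when the tunnel's own carrier traffic would be sent into the tunnel."""
    return egress_dev(routes, endpoint) == tunnel_dev


if __name__ == "__main__":
    for label, table in (("without host route", BASE + OVERRIDE),
                         ("with host route", BASE + OVERRIDE + HOST_ROUTE)):
        print(label, "->", lookup(table, VPN_ENDPOINT),
              "circular" if is_circular(table, VPN_ENDPOINT, "vpn0") else "ok")
```

The same lookup can be checked on a live client with `ip route get <external IP of OpenVPN server>`, which prints the route and device the kernel would actually use.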

